Ir ao conteúdo
  • Comunicados

    • diego_moicano

      Gostaria de se tornar um analista em Remoção de Malware?   07-12-2015

      Gostaria de se tornar um analista em Remoção de Malware? O Fórum Clube do Hardware deu início a um programa de treinamento em análises de log. Os interessados deverão enviar um email para aprendizes (arroba) clubedohardware (ponto) com (ponto) br respondendo as seguintes perguntas: Por que você gostaria de aprender a analisar logs? Possui tempo hábil para o treinamento? Tem conhecimentos em informática? Se sim descreva-os. Possui inglês para leitura? Qual seu objetivo após completar o treinamento?   Não se esqueça de incluir no e-mail o seu nome de usuário (fornecer o link também), idade e cidade onde vive. Adicione também qualquer experiência e/ou razão sobre o porquê você seria um bom Analista. É digno de nota que apenas os que forem selecionados receberão resposta por MP (Mensagem Pessoal), não existe um padrão na escolha dos futuros aprendizes, todos os e-mails serão lidos e serão analisados de forma imparcial, portanto não será permitido reclamações neste aspecto. O treinamento é dado no próprio fórum. Quando um aprendiz é selecionado ele é movido para um novo grupo, onde terá acesso a fóruns fechados para os demais usuários onde poderá dar inicio ao seu treinamento. Importante: A cada 30 dias os e-mails não selecionados serão apagados, portanto você pode enviar um novo e-mail após 1 mês, e-mails enviados antes serão desconsiderados.  
    • Gabriel Torres

      Seja um moderador do Clube do Hardware!   12-02-2016

      Prezados membros do Clube do Hardware, Está aberto o processo de seleção de novos moderadores para diversos setores ou áreas do Clube do Hardware. Os requisitos são:   Pelo menos 500 posts e um ano de cadastro; Boa frequência de participação; Ser respeitoso, cordial e educado com os demais membros; Ter bom nível de português; Ter razoável conhecimento da área em que pretende atuar; Saber trabalhar em equipe (com os moderadores, coordenadores e administradores).   Os interessados deverão enviar uma mensagem privada para o usuário @Equipe Clube do Hardware com o título "Candidato a moderador". A mensagem deverá conter respostas às perguntas abaixo:   Qual o seu nome completo? Qual sua data de nascimento? Qual sua formação/profissão? Já atuou como moderador em algo outro fórum, se sim, qual? De forma sucinta, explique o porquê de querer ser moderador do fórum e conte-nos um pouco sobre você.   OBS: Não se trata de função remunerada. Todos que fazem parte do staff são voluntários.
Entre para seguir isso  
magdajoele

Vírus gbiehbsb.dll, não consigo remover...

Recommended Posts

Olá,

andei dando uma pesquisada nos fóruns e sei que algumas pessoas já foram ajudadas a se livrarem de um vírus que está no meu pc tb, mas acho que cada caso é um caso, né?

Já tentei várias coisas que recomendara pra outros e pra mim não funcionou, será que tem como me ajudar tb?

É aquele vírus gbiehbsb.dll, que aparece toda vez que ligo o computador. Já instalei o Hijack This, fiz um log(?) e salvei, instalei o Combofix e fiz a mesma coisa, deletei alguns arquivos e fiz de novo um log do Hijack This, mas não sei mais o que fazer, aliás, eu não sei o que fazer...sou totalmente leiga nesse negócio de computador, vírus, hardware, malware, nem sabia que existiam todas essas especificações...por favor, me ajude!:confused:

Não sei se já é cabível, mas vou colocar os logs que fiz:

- O primeiro realizado pelo Hijack This

Logfile of HijackThis v1.99.1

Scan saved at 17:25:13, on 6/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\Win\Desktop\ComboFix.exe

C:\Documents and Settings\Win\Configurações locais\Temporary Internet Files\Content.IE5\RRN8RBWT\bitdefender_tsecurity[1].exe

C:\DOCUME~1\Win\CONFIG~1\Temp\IXP000.TMP\setup.exe

C:\Documents and Settings\Win\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [OpwareSE4] "C:\Arquivos de programas\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Win\CONFIG~1\Temp\IXP000.TMP\"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198714052294

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{26280688-77B0-49F7-B7B0-CD10C0934B9F}: NameServer = 200.165.132.148 200.165.132.155

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

- Depois o Combofix:

ComboFix 08-04-04.1 - Win 2008-04-06 16:47:35.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.161 [GMT -3:00]

Executando de: C:\Documents and Settings\Win\Desktop\ComboFix.exe

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\svchost.exe

C:\WINDOWS\winhlp.dll

.

((((((((((((((((((((((( Ficheiros criados de 2008-03-06 to 2008-04-06 ))))))))))))))))))))))))))))))))

.

2008-04-06 16:22 . 2008-03-29 15:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys

2008-04-06 16:22 . 2008-03-29 15:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys

2008-03-23 21:09 . 2008-03-23 21:09 1,606,904 --a------ C:\googletalk-setup-pt-BR.exe

2008-03-18 22:23 . 2008-03-18 22:23 244 --ah----- C:\sqmnoopt03.sqm

2008-03-18 22:23 . 2008-03-18 22:23 232 --ah----- C:\sqmdata03.sqm

2008-03-12 22:46 . 2008-03-12 22:46 <DIR> d-------- C:\WINDOWS\Sun

2008-03-12 22:45 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-03-12 22:44 . 2008-03-12 22:45 <DIR> d-------- C:\Arquivos de programas\Java

2008-03-12 22:38 . 2008-03-12 22:38 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java

2008-03-08 23:55 . 2008-03-10 17:36 <DIR> d-------- C:\Arquivos de programas\eMule

2008-03-08 23:55 . 2008-03-08 23:55 2,528,098 --a------ C:\emule048a.exe

2008-03-07 17:14 . 2008-03-08 16:31 <DIR> d-------- C:\Documents and Settings\Win\Dados de aplicativos\MegauploadToolbar

2008-03-07 17:14 . 2008-03-07 17:14 <DIR> d-------- C:\Arquivos de programas\MegauploadToolbar

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-06 19:24 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-04-05 19:59 --------- d-----w C:\Documents and Settings\Win\Dados de aplicativos\Skype

2008-04-04 13:51 --------- d-----w C:\Arquivos de programas\GbPlugin

2008-04-02 20:40 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2008-03-29 18:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe

2008-03-29 18:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2008-03-29 18:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2008-03-29 18:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2008-03-29 18:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2008-03-29 18:23 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr

2008-03-24 00:27 --------- d-----w C:\Arquivos de programas\Google

2008-03-02 01:39 --------- d-----w C:\Documents and Settings\Win\Dados de aplicativos\Media Player Classic

2008-03-02 01:39 --------- d-----w C:\Arquivos de programas\XP Codec Pack

2008-03-02 01:38 --------- d-----w C:\Documents and Settings\Win\Dados de aplicativos\RadLight Company

2008-03-02 01:37 --------- d-----w C:\Arquivos de programas\RadLight Company

2008-02-19 00:11 6,144 ----a-w C:\WINDOWS\mssnmsgr.dll

2008-02-17 21:22 --------- d-----w C:\Documents and Settings\Win\Dados de aplicativos\skypePM

2008-02-07 21:42 --------- d-----w C:\Documents and Settings\Win\Dados de aplicativos\Canon

2008-02-07 21:42 --------- d-----w C:\Arquivos de programas\Canon

2007-12-27 01:40 32 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\ezsid.dat

2004-10-01 17:00 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

2007-12-27 15:53 56 --sh--r C:\WINDOWS\system32\4A51B89571.sys

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB}]

C:\WINDOWS\gbiehbsb.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 10:34 5724184]

"Skype"="C:\Arquivos de programas\Skype\Phone\Skype.exe" [2007-12-07 14:08 21686568]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-27 21:11 68856]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 15:37 79224]

"OpwareSE4"="C:\Arquivos de programas\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 11:45 75304]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 19:54 3735552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"gbieh.1"= rundll32 C:\WINDOWS\gbiehbsb.dll ForcarNotify

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIV~1\GBPLUGIN\gbieh.dll [2008-03-11 08:18 354600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

C:\ARQUIV~1\GBPLUGIN\gbieh.dll 2008-03-11 08:18 354600 C:\ARQUIV~1\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"MSVideo8"= VfWWDM32.dll

"vidc.ffds"= ffdshow.ax

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

-r------- 2006-07-18 22:41 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]

--------- 2006-07-18 22:41 53248 C:\Arquivos de programas\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2004-08-04 00:45 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElbyCheckAnyDVD]

--a------ 2003-09-20 16:23 45056 C:\Arquivos de programas\SlySoft\AnyDVD\ElbyCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

-ra------ 2006-06-12 22:57 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

-ra------ 2006-06-12 22:57 118784 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

-ra------ 2006-06-12 22:57 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

--a------ 2005-08-11 15:30 249856 C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

--a------ 2005-08-11 15:30 81920 C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2004-11-02 19:24 32768 C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

-r------- 2006-07-18 22:42 16248320 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

-r------- 2006-07-18 22:42 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

--a------ 2006-09-28 12:16 185896 C:\Arquivos de programas\Arquivos comuns\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"C:\\Arquivos de programas\\RadLight Company\\RadLight 4.0\\rlkernel.exe"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 15:31]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 15:35]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42c3ec1e-c812-11dc-9eb7-00197e55884e}]

\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42c3ec1f-c812-11dc-9eb7-00197e55884e}]

\Shell\Auto\command - msnmsgr.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL msnmsgr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{599415b6-b47c-11dc-9e71-00197e55884e}]

\Shell\Auto\command - MicrosoftPowerPoint.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{853d8015-f5dd-11dc-9f30-00197e55884e}]

\Shell\AutoRun\command - fufb6tq3.cmd

\Shell\explore\Command - fufb6tq3.cmd

\Shell\open\Command - fufb6tq3.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aab05648-cab7-11dc-9ebd-00197e55884e}]

\Shell\Auto\command - E:\msnmsgr.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL msnmsgr.exe

*Newly Created Service* - ASWFSBLK

*Newly Created Service* - ASWSP

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-06 16:50:20

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-04-06 16:51:47

ComboFix-quarantined-files.txt 2008-04-06 19:51:38

Pre-Run: 99,959,934,976 bytes disponíveis

Post-Run: 99,955,556,352 bytes disponíveis

.

2008-03-12 06:02:32 --- E O F ---

- E novamente o Hijack This:

Logfile of HijackThis v1.99.1

Scan saved at 17:25:13, on 6/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\Win\Desktop\ComboFix.exe

C:\Documents and Settings\Win\Configurações locais\Temporary Internet Files\Content.IE5\RRN8RBWT\bitdefender_tsecurity[1].exe

C:\DOCUME~1\Win\CONFIG~1\Temp\IXP000.TMP\setup.exe

C:\Documents and Settings\Win\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [OpwareSE4] "C:\Arquivos de programas\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\Win\CONFIG~1\Temp\IXP000.TMP\"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198714052294

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{26280688-77B0-49F7-B7B0-CD10C0934B9F}: NameServer = 200.165.132.148 200.165.132.155

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

Agora realmente não sei o que fazer...me ajudem, por favor!

Aguardo uma resposta!

Compartilhar este post


Link para o post
Compartilhar em outros sites

- Selecione o texto abaixo e copie para o bloco de notas. Salve-o como CFScript.txt;

File::
C:\WINDOWS\mssnmsgr.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer\run]
"gbieh.1"=-

- Arraste o CFScript.txt para o ComboFix conforme a imagem abaixo:

CF_Script.gif

O ComboFix irá rodar e reiniciará o PC automaticamente para completar o processo de remoção.

Não use o mouse nem o teclado quando o ComboFix estiver rodando.

Quando terminar, será gerado um log, que estará em C:\ComboFix.txt.

Obs: Se o Combofix não reiniciar seu computador automaticamente, faça-o manualmente.

Na sua próxima resposta, cole o ComboFix.txt e um novo log do HijackThis.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Oi José Melo, imaginei mesmo que seria você meu salvador!

Então, arrastei o texto que mandou colar no bloco de notas pro Combofix e dai pediu pra executar o programa, cliquei ok, e apareceu uma mensagem dizendo que o "Windows não pode abrir este arquivo: pv.cfexe"

Sabe? Aquela caixa de diálogo que pergunta se você quer usar o serviço da web para encontrar um programa apropriado ou selecionar o programa de uma lista.

Então, desativei os anti-vírus do meu pc e consegui isso:

- Log Combofix

ComboFix 08-04-04.1 - Win 2008-04-06 22:46:01.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.221 [GMT -3:00]

Executando de: C:\Documents and Settings\Win\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Win\Desktop\CFScript.txt

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::

C:\WINDOWS\mssnmsgr.dll

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\mssnmsgr.dll

.

((((((((((((((((((((((( Ficheiros criados de 2008-03-07 to 2008-04-07 ))))))))))))))))))))))))))))))))

.

2008-04-06 22:09 . 2004-08-04 00:45 400,384 --a------ C:\WINDOWS\system32\CF18346.exe

2008-04-06 18:27 . 2008-04-06 18:27 <DIR> d-------- C:\Documents and Settings\Win\Dados de aplicativos\PC Tools

2008-04-06 18:27 . 2008-04-06 18:45 <DIR> d-a------ C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

2008-04-06 18:27 . 2008-04-06 18:46 <DIR> d-------- C:\Arquivos de programas\Spyware Doctor

2008-04-06 18:27 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

2008-04-06 18:27 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

2008-04-06 18:27 . 2008-02-01 12:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

2008-04-06 18:27 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys

2008-04-06 18:04 . 2008-04-06 22:41 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Google Updater

2008-04-06 16:22 . 2008-03-29 15:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys

2008-04-06 16:22 . 2008-03-29 15:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys

2008-03-23 21:09 . 2008-03-23 21:09 1,606,904 --a------ C:\googletalk-setup-pt-BR.exe

2008-03-18 22:23 . 2008-03-18 22:23 244 --ah----- C:\sqmnoopt03.sqm

2008-03-18 22:23 . 2008-03-18 22:23 232 --ah----- C:\sqmdata03.sqm

2008-03-12 22:46 . 2008-03-12 22:46 <DIR> d-------- C:\WINDOWS\Sun

2008-03-12 22:45 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-03-12 22:44 . 2008-03-12 22:45 <DIR> d-------- C:\Arquivos de programas\Java

2008-03-12 22:38 . 2008-03-12 22:38 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Java

2008-03-08 23:55 . 2008-03-10 17:36 <DIR> d-------- C:\Arquivos de programas\eMule

2008-03-08 23:55 . 2008-03-08 23:55 2,528,098 --a------ C:\emule048a.exe

2008-03-07 17:14 . 2008-03-08 16:31 <DIR> d-------- C:\Documents and Settings\Win\Dados de aplicativos\MegauploadToolbar

2008-03-07 17:14 . 2008-03-07 17:14 <DIR> d-------- C:\Arquivos de programas\MegauploadToolbar

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-07 01:39 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Adobe

2008-04-06 21:10 --------- d-----w C:\Documents and Settings\Win\Dados de aplicativos\Skype

2008-04-06 21:09 --------- d-----w C:\Arquivos de programas\Google

2008-04-06 20:30 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

2008-04-04 13:51 --------- d-----w C:\Arquivos de programas\GbPlugin

2008-04-02 20:40 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

2008-03-29 18:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe

2008-03-29 18:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2008-03-29 18:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2008-03-29 18:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2008-03-29 18:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2008-03-29 18:23 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr

2008-03-02 01:39 --------- d-----w C:\Documents and Settings\Win\Dados de aplicativos\Media Player Classic

2008-03-02 01:39 --------- d-----w C:\Arquivos de programas\XP Codec Pack

2008-03-02 01:38 --------- d-----w C:\Documents and Settings\Win\Dados de aplicativos\RadLight Company

2008-03-02 01:37 --------- d-----w C:\Arquivos de programas\RadLight Company

2008-02-17 21:22 --------- d-----w C:\Documents and Settings\Win\Dados de aplicativos\skypePM

2008-02-07 21:42 --------- d-----w C:\Documents and Settings\Win\Dados de aplicativos\Canon

2008-02-07 21:42 --------- d-----w C:\Arquivos de programas\Canon

2007-12-27 01:40 32 ----a-w C:\Documents and Settings\All Users\Dados de aplicativos\ezsid.dat

2004-10-01 17:00 40,960 ----a-w C:\Arquivos de programas\Uninstall_CDS.exe

2007-12-27 15:53 56 --sh--r C:\WINDOWS\system32\4A51B89571.sys

.

((((((((((((((((((((((((((((( snapshot@2008-04-06_16.51.30,56 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-04-07 01:40:39 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1046-7B44-A81200000003}\SC_Reader.exe

- 2008-04-06 19:28:55 59,774 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2008-04-06 21:28:20 59,774 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2008-04-06 19:28:56 68,606 ----a-w C:\WINDOWS\system32\perfc016.dat

+ 2008-04-06 21:28:20 68,606 ----a-w C:\WINDOWS\system32\perfc016.dat

- 2008-04-06 19:28:56 395,534 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2008-04-06 21:28:20 395,534 ----a-w C:\WINDOWS\system32\perfh009.dat

- 2008-04-06 19:28:56 428,578 ----a-w C:\WINDOWS\system32\perfh016.dat

+ 2008-04-06 21:28:20 428,578 ----a-w C:\WINDOWS\system32\perfh016.dat

+ 2008-04-06 20:31:00 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_7a0.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 10:34 5724184]

"Skype"="C:\Arquivos de programas\Skype\\Phone\Skype.exe" [2008-02-12 20:10 21898024]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-27 21:11 68856]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:45 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 15:37 79224]

"OpwareSE4"="C:\Arquivos de programas\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 11:45 75304]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"googletalk"="C:\Arquivos de programas\Google\Google Talk\googletalk.exe" [2007-01-01 19:54 3735552]

"ISTray"="C:\Arquivos de programas\Spyware Doctor\pctsTray.exe" [2008-02-01 12:55 1103240]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:45 15360]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Google Updater.lnk - C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe [2008-04-06 18:04:20 124400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

"gbieh.1"= rundll32 C:\WINDOWS\gbiehbsb.dll ForcarNotify

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\ARQUIV~1\GBPLUGIN\gbieh.dll [2008-03-11 08:18 354600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

C:\ARQUIV~1\GBPLUGIN\gbieh.dll 2008-03-11 08:18 354600 C:\ARQUIV~1\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"MSVideo8"= VfWWDM32.dll

"vidc.ffds"= ffdshow.ax

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

-r------- 2006-07-18 22:41 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]

--------- 2006-07-18 22:41 53248 C:\Arquivos de programas\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2004-08-04 00:45 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElbyCheckAnyDVD]

--a------ 2003-09-20 16:23 45056 C:\Arquivos de programas\SlySoft\AnyDVD\ElbyCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

-ra------ 2006-06-12 22:57 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

-ra------ 2006-06-12 22:57 118784 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

-ra------ 2006-06-12 22:57 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

--a------ 2005-08-11 15:30 249856 C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

--a------ 2005-08-11 15:30 81920 C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2004-11-02 19:24 32768 C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

-r------- 2006-07-18 22:42 16248320 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

-r------- 2006-07-18 22:42 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

--a------ 2006-09-28 12:16 185896 C:\Arquivos de programas\Arquivos comuns\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"C:\\Arquivos de programas\\RadLight Company\\RadLight 4.0\\rlkernel.exe"=

"C:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Arquivos de programas\\Google\\Google Talk\\googletalk.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 15:31]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 15:35]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42c3ec1e-c812-11dc-9eb7-00197e55884e}]

\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42c3ec1f-c812-11dc-9eb7-00197e55884e}]

\Shell\Auto\command - msnmsgr.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL msnmsgr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{599415b6-b47c-11dc-9e71-00197e55884e}]

\Shell\Auto\command - MicrosoftPowerPoint.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{853d8015-f5dd-11dc-9f30-00197e55884e}]

\Shell\AutoRun\command - fufb6tq3.cmd

\Shell\explore\Command - fufb6tq3.cmd

\Shell\open\Command - fufb6tq3.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aab05648-cab7-11dc-9ebd-00197e55884e}]

\Shell\Auto\command - E:\msnmsgr.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL msnmsgr.exe

*Newly Created Service* - CATCHME

*Newly Created Service* - GUSVC

*Newly Created Service* - IKFILESEC

*Newly Created Service* - IKSYSFLT

*Newly Created Service* - IKSYSSEC

*Newly Created Service* - SDAUXSERVICE

*Newly Created Service* - SDCORESERVICE

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-06 22:48:47

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-04-06 22:49:27

ComboFix-quarantined-files.txt 2008-04-07 01:49:16

ComboFix2.txt 2008-04-06 19:51:48

Pre-Run: 100,376,117,248 bytes disponíveis

Post-Run: 100,365,725,696 bytes disponíveis

.

2008-03-12 06:02:32 --- E O F ---

- Log Hijack

Logfile of HijackThis v1.99.1

Scan saved at 22:54:55, on 6/4/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Win\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [OpwareSE4] "C:\Arquivos de programas\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Google Updater.lnk = C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198714052294

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

e ai? resolveu alguma coisa?

Compartilhar este post


Link para o post
Compartilhar em outros sites

- Ok, o log está limpo :)

- Digite no Executar combofix /u e clique em Ok. Na próxima janela clique em "Executar" e aguarde a remoção do programa;

- Recomendo uma manutenção no computador para exclusão dos arquivos temporários, desnecessários e entradas inválidas no registro. Faça o download do CCleaner:

  • Abra o programa e clique em Executar Limpeza;
  • Após isto, clique em Registro > Procurar erros > Corrigir erros selecionados

- Desative e ative novamente a Restauração do Sistema

- Leia o artigo Proteja seu PC para mais informações sobre como evitar infecções.

Compartilhar este post


Link para o post
Compartilhar em outros sites

ai meu Deus! Então, fiz tudinho o que o senhor mandou e ainda continua aparecendo a caixinha com aquele diálogo chato quando ligo o pc...

será que tem salvação?:eek::confused::(

Compartilhar este post


Link para o post
Compartilhar em outros sites

- Selecione o texto abaixo e copie para o bloco de notas. Salve-o como CFScript.txt;

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer\run]
"gbieh.1"=-

- Arraste o CFScript.txt para o ComboFix conforme a imagem abaixo:

CF_Script.gif

O ComboFix irá rodar e reiniciará o PC automaticamente para completar o processo de remoção.

Não use o mouse nem o teclado quando o ComboFix estiver rodando.

Quando terminar, será gerado um log, que estará em C:\ComboFix.txt.

Obs: Se o Combofix não reiniciar seu computador automaticamente, faça-o manualmente.

Na sua próxima resposta, cole o ComboFix.txt e um novo log do HijackThis.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Então, tentei fazer o que mandou, mas agora nem o ComboFix ta rodando mais...

Eu arrasto o arquivo salvo no Bloco de Notas para o ComboFix, ele abre a janelinha azul e fecha sozinho. Não acontece nada....

Consegui! Instalei de novo o Combofix, ele não só rodou, como abriu uma tela enorme falando que meu pc tava com erro e fez um despejo de memória, dai quando terminou, iniciou o windows...

As logs que tenho agora são as seguintes:

- Combofix

ComboFix 08-04-08.4 - Win 2008-04-08 15:36:38.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.212 [GMT -3:00]

Executando de: C:\Documents and Settings\Win\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Win\Desktop\CFScript.txt

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

- Hijack This

Logfile of HijackThis v1.99.1

Scan saved at 15:47, on 2008-04-08

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

C:\Arquivos de programas\Sunbelt Software\Personal Firewall\kpf4ss.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\Win\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [OpwareSE4] "C:\Arquivos de programas\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Google Updater.lnk = C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198714052294

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{26280688-77B0-49F7-B7B0-CD10C0934B9F}: NameServer = 200.165.132.148 200.165.132.155

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Arquivos de programas\Sunbelt Software\Personal Firewall\kpf4ss.exe

quando o windows iniciou a janelinha com o erro do vírus gbiehbsb.dll continuou aparecendo...

Compartilhar este post


Link para o post
Compartilhar em outros sites

sim, isso já fiz, mas faço de novo...e dai?

toda vez que for rodá-lo preciso desabilitar o anti-virus, o firewall que baixei e o spyware, né?

Compartilhar este post


Link para o post
Compartilhar em outros sites

prontinho, fiz tudo de novo

os novos logs

- combofix

ComboFix 08-04-08.4 - Win 2008-04-09 18:30:43.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.134 [GMT -3:00]

Executando de: C:\Documents and Settings\Win\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Win\Desktop\CFScript.txt

* Criado um novo ponto de restauro

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

- hijack this

Logfile of HijackThis v1.99.1

Scan saved at 18:41, on 2008-04-09

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

C:\Arquivos de programas\Sunbelt Software\Personal Firewall\kpf4ss.exe

C:\Arquivos de programas\Spyware Doctor\pctsTray.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\WINDOWS\System32\alg.exe

C:\Arquivos de programas\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Win\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar2.dll

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [OpwareSE4] "C:\Arquivos de programas\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [googletalk] C:\Arquivos de programas\Google\Google Talk\googletalk.exe /autostart

O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Google Updater.lnk = C:\Arquivos de programas\Google\Google Updater\GoogleUpdater.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\bonjour\mdnsnsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198714052294

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{26280688-77B0-49F7-B7B0-CD10C0934B9F}: NameServer = 200.165.132.148 200.165.132.155

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\Spyware Doctor\pctsSvc.exe

O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Arquivos de programas\Sunbelt Software\Personal Firewall\kpf4ss.exe

....e a janelinha continua...

Compartilhar este post


Link para o post
Compartilhar em outros sites

obrigada pela ajuda, mas formatei meu pc...

foi o único jeito que encontrei de remover o vírus..

valeu mesmo!

beijo

Compartilhar este post


Link para o post
Compartilhar em outros sites
Entre para seguir isso  





Sobre o Clube do Hardware

No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

Direitos autorais

Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

×